Penetration Testing mailing list archives
RE: Designing Network Security
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Fri, 6 Jan 2006 10:44:51 -0800
This probably isn't the best place to get information on network design and planning but we *can* discuss what topologies or technologies we've seen work well from our pen-testing experience. Pen-testers have a unique view of network design since we are the ones who actually test the stuff out there in the real world. Well list? For instance, I have a personal bias against Cisco PIX firewalls and MS ISS web servers since a large majority of the ones I've run across doing pen-tests have been misconfigured and full of holes. I'm not saying that the products can't be locked down and effective, just that it's not what I normally find in the real world. -- Erin Carroll Moderator SecurityFocus pen-test list "Do Not Taunt Happy-Fun Ball"
-----Original Message----- From: kaushik [mailto:kaushik.mamania () dg2l com] Sent: Thursday, January 05, 2006 10:44 PM To: pen-test () securityfocus com Subject: Designing Network Security Hello List, May be this is not the right list to post. Since we need to protect ourselves from crackers, malicious traffic am taking the liberty to post here. We need to redesign the network. We need to place a web server, mail server , VOIP server within the DMZ and also put an IDS in place. How should one go about designing the same. Have to concentrate on protecting the Intellectual Property as well since we are a R&D center. Will need some good policies for the same. Can some one direct me to good online resources in the vast sea available. Warm Regards Kaushik -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------------------------------------------- ---------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------- ----------------- -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.14/222 - Release Date: 1/5/2006
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.14/222 - Release Date: 1/5/2006 ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Designing Network Security kaushik (Jan 06)
- RE: Designing Network Security Erin Carroll (Jan 06)
- Re: Designing Network Security Joachim Schipper (Jan 06)